Total: 3673 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-34993 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34992 | 1 Fortinet | 1 Fortisiem | 2023-11-07 | N/A | 9.8 CRITICAL |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | |||||
CVE-2023-34989 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34988 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34987 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34986 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34985 | 1 Fortinet | 1 Fortiwlm | 2023-11-07 | N/A | 8.8 HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | |||||
CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2023-11-07 | N/A | 9.8 CRITICAL |
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | |||||
CVE-2023-2131 | 1 Inea | 2 Me Rtu, Me Rtu Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2023-29169 | 1 Myscada | 1 Mypro | 2023-11-07 | N/A | 8.8 HIGH |
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
CVE-2023-29150 | 1 Myscada | 1 Mypro | 2023-11-07 | N/A | 8.8 HIGH |
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
CVE-2023-28716 | 1 Myscada | 1 Mypro | 2023-11-07 | N/A | 8.8 HIGH |
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
CVE-2023-28617 | 1 Gnu | 1 Org Mode | 2023-11-07 | N/A | 7.8 HIGH |
org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | |||||
CVE-2023-28400 | 1 Myscada | 1 Mypro | 2023-11-07 | N/A | 8.8 HIGH |
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
CVE-2023-28384 | 1 Myscada | 1 Mypro | 2023-11-07 | N/A | 8.8 HIGH |
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | |||||
CVE-2023-28000 | 1 Fortinet | 1 Fortiadc | 2023-11-07 | N/A | 7.8 HIGH |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in the `diagnose system df` CLI command. | |||||
CVE-2023-27999 | 1 Fortinet | 1 Fortiadc | 2023-11-07 | N/A | 7.8 HIGH |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
CVE-2023-27886 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP POST parameter called by the index.php script. | |||||
CVE-2023-27394 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2023-11-07 | N/A | 9.8 CRITICAL |
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP GET parameter called by the DataLogView.php, EventsView.php and AlarmsView.php scripts. | |||||
CVE-2023-26210 | 1 Fortinet | 2 Fortiadc, Fortiadc Manager | 2023-11-07 | N/A | 7.8 HIGH |
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allow a local authenticated attacker to execute arbitrary shell code as the `root` user via crafted CLI requests. |